explain-project
Audited by Gen Agent Trust Hub on Feb 12, 2026
The skill instructs the AI to construct and execute a shell command to open the generated document: open -a Typora FOR[name].md. The name variable can be derived from user input (e.g., /explain-project Sarah). If a malicious user provides a name containing shell metacharacters (e.g., "; rm -rf /;"), the shell interprets these characters, leading to arbitrary command execution. For example, if the user provides "; evil_command;" as the name, the skill would attempt to execute open -a Typora FOR[; evil_command;].md, which a shell would parse as open -a Typora FOR[ followed by evil_command and then ].md. This constitutes a shell injection vulnerability.
Additionally, the skill processes external content (project files, git history). While necessary for its function, this introduces a general susceptibility to indirect prompt injection if these external files contain malicious instructions. This is an informational finding, as it's an inherent risk of processing external data rather than a specific vulnerability in the skill's code itself.
- AI detected serious security threats